We keep pretty close track of our finances and our credit history, so I'm confident we would have found anything amiss pretty quickly.
I am, however, quite pleased to note that the laptop and missing data have been recovered. The FBI seems to think taht the data had not been accessed, which makes about 26 million people breath a sigh of relief (although I don't know if I'd really relax much). An employee had the data at home on a laptop, which raise some serious issues about security. But -- the interesting part was this:
At the time, VA officials were quick to blame the data analyst involved for violating agency policy in taking the laptop home. However, it has since emerged the worker, who was placed on administrative leave during the course of an inquiry, had written permission to take the sensitive data away from VA offices in order to work from home.It still should have been ecrypted, and stored only on the servers in the office behind firewalls -- and frankly, the employee should have been accessing them remotely using one of the many VPN protocols. There are a lot of holes in this process and no one seems to have thought much about security.
3 comments:
Question -- if the data isn't supposed to be portable, why is it ON A LAPTOP?????!?!?!?!?
I agree, there are any number of ways to secure this data using secure servers. My PhD data is better protected than that stuff!
A nice article which covers basically the same thing you did just hit the IHT:
http://www.iht.com/articles/2006/07/12/business/laptop.php
Argh. The rest of the link is
/07/12/business/laptop.php
Post a Comment